VLAN & wired Aimesh over managed switch

[manor]

I'm trying to get a pair of Asus RT-AC68U to work as Aimesh devices with wired backhaul in a VLAN setup I have with pfsense and a managed switch from zyxel.

My configuration is according to the drawing. I use pfsense to manage the VLAN11 via DHCP. All my wifi devices get ips from VLAN11. Since the Asus APs dosn't have the VLAN function on the ethernet ports I have set the ports 7&8 with PVID=11 in the switch and same ports are untagged in the VLAN11 setting. Port 1 is tagged in VLAN11 to reach out to pfsense.

My current issue is that I don't get the wired backhaul to work when connected over the switch port 7&8. I need to have a direct wire between my APs to get the aimesh node working over cable (red line). If connected over switch the aimesh changes to wifi connection between APs. Main AP is connected to port 8 on switch and Lan1 on AP. Nod AP is connected to port 7 on switch and port 0 (WAN port) on AP. All according to Asus instruction for wired backhaul with aimesh.

I believe that the issue is that the wired backhaul in aimesh uses some VLAN of it's own to communicate between APs and that my setting in the switch prevents this, only allowing VLAN11. If I use an unmanaged switch between the APs the link works, but not over managed ports. I guess I need to additional configuration in the Asus to match VLAN11 or something on the switch to match asus aimeah backhual, but I don't know how to do it. Any suggestions would be helpful.

To clairfy, when using the red wire between the APs I don't have the blue wire on port 7 to AP nod. I want to be able to use the blue and remove the red.

 

[Bschmabo]

I was able to get AIMesh working with an Aruba InstantOn 1930 48-port POE managed switch. The issue is some sloppy code in Asus’s router software, but which can be worked around as follows (with steps 4/5 depending on whether you will use all wired backhaul, or a combination of wired and wireless backhaul):

1. Create a VLAN on the switch that includes all ports you will use for the Ethernet backhaul, with those ports UNTAGGED. I used default VLAN 1 for this.

2. Connect the Asus router via Ethernet from a switch port on VLAN 1 to a LAN port on the router.

3. Connect the Asus wired nodes via Ethernet from a switch port on VLAN 1 to each node’s 2.5G WAN port.

4. (Only if all nodes wired): If ALL your Asus nodes are connected via Ethernet, go to the ASUS router web portal, navigate to General>AIMesh>System Settings>Ethernet Backhaul Mode, and check the enable toggle switch. Once enabled, you are done, and all nodes should now recognize the Ethernet backhaul. Wallah!

5. (Some nodes wired, some nodes wireless): If ANY of your Asus nodes will use wireless backhaul, the Ethernet Backhaul Mode toggle will be greyed out by Asus’s software. Instead, you have to manually set the Backhaul Connection Priority for each node. For each node, go to the ASUS router web portal, navigate to General>AIMesh>Topology>Node Name>Management>Backhaul Connection Priority. For each Ethernet backhaul node, set the priority to “2.5G WAN first.” For each wireless backhaul node, set the priority to either “6GHz WiFi first,” “5GHz WiFi first,” or “Auto.” Done.

Ultimately, the problem is Asus’s “Auto” Backhaul Connection Priority setting. If a node’s priority is “Auto,” it will correctly default to Ethernet backhaul when connected directly to the router or through an unmanaged switch. However, the “Auto” setting will incorrectly default to wireless backhaul when the Ethernet connection is through a managed switch’s VLAN. The Asus router and nodes can still see the Ethernet connection through the VLAN, but the “Auto” setting incorrectly prioritizes wireless backhaul instead. Asus could likely fix this with a few lines of code. But until they patch this, do not use the “Auto” setting for any nodes connected to a managed switch. Either enable the Ethernet Backhaul Mode (all nodes wired), or set the connection priority for each wired node to explicitly prioritize your Ethernet connection (2.5G WAN) first.